Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.
XSS
Mediawiki
NVD
CVSS 2.0
2.6
EPSS
0.3%